Cameron McCormack: > >I don't see any reason (except for the stated goal of finding a common > >baseline on all implementations) to exclude some HTTP headers.
Anne van Kesteren: > You mean methods? What about methods other specifications are introducing? Sorry, yes, methods. What's the possible reason for restricting the method sent at all? Are there any security implications for allowing any syntactically valid method and just leave it up to the server to decide what is appropriate (given same-host connection restrictions)? Maybe CONNECT's potential for bad outweighs the good... -- Cameron McCormack ICQ: 26955922 cam (at) mcc.id.au MSN: cam (at) mcc.id.au http://mcc.id.au/ JBR: heycam (at) jabber.org
